
Why you need to protect employee identities in order to secure your organisation

Security is a popular topic when it comes to IT and for good reason. The Australian Cyber Security Centre’s recently released Annual Cyber Threat Report revealed Australians are reporting 160 cybercrimes every day. Yet whilst there is constant noise and chatter about the need for advanced IT security, many organisations are unaware of the specific areas to focus on.

To understand your current security posture, you need to look at four areas:

  1. Identity Management
  2. Device Management
  3. Information Management
  4. Infrastructure

Only by delving into the details of each pillar can you ensure your organisation is suitably protected.

 

What do we mean by identity protection & why does it matter?

Protecting identity is about setting necessary controls to ensure users are appropriately authenticated before being given access to resources.

“With good identity management, we can prevent accounts being compromised and the wrong people accessing sensitive information. This is a highly common workplace occurrence as phishing scams become increasingly sophisticated,” says Ross Newton, Senior Consultant, Insync Technology.

Whilst securing employee identities has always been a consideration, a combination of increased cyber-attacks, dispersed or flexible workplaces and new technology has led to older, traditional authentication measures no longer being fit for purpose. The trusty password is no longer enough.

“People are accessing information now in a very different way. They might use public networks or personal devices, both of which shift the boundaries of security. In the past a firewall might have been your go-to security boundary; now it needs to occur based on an individual employee’s identity,” adds Ross.

 

How to ward off an identity crisis

Regardless of the number of employees within your organisation, managing identities is not difficult – as long as you know how. Modern workplace technology like Microsoft 365 offers built-in tools and functionality to assist organisations wanting to strengthen their identity protection.

  1. Multi Factor Authentication (MFA)

Enabling MFA in your workplace is a common first step to securing identities. There are different options on how staff authenticate; using an SMS code is popular whilst employees with access to more sensitive information or with financial controls might opt for a hardware token solution.

  2. Password Policies

In the past, choosing a word or name and adding a number was sufficient for a workplace password. Those days are gone! To ensure your employees are using strong passwords, Microsoft 365 allows you to set controls over the types of passwords they can choose. This might include banning commonly breached passwords, or phrases and words that are specific to the organisation.

  3. Conditional Access

Conditional Access policies are key to enforcing a zero-trust approach to security. Conditional Access can apply contextual factors such as user, device, location and risk to control access to organisational resources. By setting clear controls and leveraging your MFA, you can control which employees have access to what information and when they have access.

“These three things can all strengthen your identity security when used correctly. Strong identity management will have a knock-on effect to your device, information, and infrastructure management. But if you have no MFA in place, for example, you open yourself up to risks and breaches that can then filter through to other areas,” notes Ross.

Picture this: an employee laptop is compromised due to an expired AV solution. Without endpoint protection in place, the hacker begins harvesting credentials to log in, significantly increasing the threat to the organisation as a whole.

“If you take the right steps to secure identity, then you have a safety net in the event of poor device management,” adds Ross.

 

Ask the experts

Whilst modern workplace technology has a lot of capabilities, you also need to configure them to meet your specific requirements. According to Ross, there is often an assumption that the system is set and ready to go.

“We talk a lot about the benefits of modern workplace technology but in order to reap the benefits, you need to take the time to ensure your system is correctly configured. This requires a certain level of skill that isn’t often found in-house,” notes Ross.

Because of this, it is logical to seek expert help. Insync Technology specialises in delivering the modern workplace. The team of dedicated specialists work with a broad spectrum of organisations and are therefore exposed to a diverse array of threats, challenges, and possibilities. These experiences and learnings are then applied to other customers.

“We are constantly learning and evolving. When it comes to security, the level of complexity is high and there is a huge volume of information you need to process in order to understand the technology and how it integrates. With so many moving parts, it makes sense to bring in the experts,” concludes Ross.

How secure are your staff identities? Find out how Insync can help level up your security and protect your IT investment. Contact the team today.

Inside Insync – Ben Wirihana

Today we meet: 

Ben Wirihana, 

Team Lead 

Time with Insync:  November 2017 

Previous notable time in IT industry: I have been working in IT since 2007, back when 19” CRTs were the jam.

What are your best skills for your role?
I enjoy problem-solving.  I may not be able to address all problems by myself, but I can find and empower the appropriate resources to ensure the timely resolution of issues.  

What do you like about your role?
I appreciate the people I work with. I enjoy working with a capable and efficient team in a supportive environment. I like the flexibility that I have in my role as I can work from anywhere.

What trends are you seeing with customers? 

This year has been challenging.  We are seeing the adoption and integration of technology to improve the effectiveness in communication within organisations.  Workplaces require more robust solutions to ensure their remote working environments remain available and secure.  

What do you think about the opportunity for Teams for customers?
We rely heavily on Teams for our internal and external communications.  I think it is a great and secure solution that can help to bring dispersed organisations back together. 

Where have you used Insync core values in Insync everyday work life: 

“Don’t walk past a problem”. In our team, we are responsible for the role of dispatch. It is important for our customers to receive prompt feedback when they require urgent assistance. When performing the role of dispatch, I am not always able to provide an immediate solution. When this situation occurs, I take responsibility for the case until a more appropriate resource can be given ownership. This ensures that there is an available resource to communicate with the customer. Open communication helps everyone to make informed decisions, creating a better customer experience.

What do you like to do in your downtime?
In my downtime I enjoy going to the gym, playing basketball and bingeing Netflix.  My goal is to have more time to play video games. 

 

“Return to Work” Tech toys we’re putting under the tree this year

How does Rudolph know when Christmas is coming….?
He looks at the calen-deer.

It’s that time of the year again – we’re on the countdown to Christmas and we bet you are too. 2020 has been a very strange year, and I think we can all comfortably say people are looking forward to 2021 in a big way. With a vaccine on the horizon and things starting to get back to some level of normality, our customers have been planning on a return to work in some capacity in the calendar year 2021.

If you just want to see 2020 out and then think about things in 2021, we don’t blame you. But if you’ve got to plan out your workforce return to an office or campus, here are some stocking fillers for your Christmas list.

We’ve assessed all the best workplace technology and here’s what you should be looking at for any return-to-work scenario.

Get in touch for the best advice and prices on the below units – don’t buy twice with the wrong advice!

Personal / Exec devices

If you’re after a great portable speakerphone that is Teams certified, has great audio characteristics and also acts as a battery charger for your phone – look no further. The Sync 20 is new from Poly and retains their excellent audio performance for small areas and is portable for the mobile worker or exec who wants something quick and easy to use in their office or small meeting room. Portable, cost-effective and attractive.


Small Office / Huddle Room

Massively popular this year and into the future is the concept of small drop-in spaces, or huddle rooms – providing a quick and easy way for people to collaborate with remote or external contacts without tying up a big meeting room, or when you are unable to have a sensitive conversation at your desk. We’ve found collaboration bars running the Microsoft Teams Room for Android client to be slick looking, easily portable and deployable. These are natively supported in Teams and can also be managed via the Teams Admin Center for complete visibility and troubleshooting. They are popular for small meeting spaces, exec rooms and even a power worker in their work-from-home situation if they need a dedicated meeting device. The roadmap for these collaboration bars is strong, with dual HDMI out and HDMI ingest coming to the platforms in the future.

We recommend the Poly X30/X50 Collab Bar as the go-to item for these types of rooms.

 

 

Medium Room

A larger and more permanent setup may be required for some workspaces in your organisation. These might be more dedicated meeting rooms where you need to have an easy-to-use solution to join Teams meetings, or Direct Join* with Zoom and Cisco WebEx. These spaces are your traditional meeting room spaces, with something resembling a ‘codec’ and some form of camera. This gives you some ability to add and modify your experience – add more cameras, add more microphones and speakers etc.

The simplest console + codec on the market for a medium sized room is the Logitech TAP – simply connect this to an Intel NUC hidden under a table or behind the display – and this turns your meeting room space into a simple to use console.

Couple this with a high-quality Logitech or Poly USB video bar and you’ve got an inexpensive and easy-to-use solution for the bigger size meeting rooms. Logitech sell preconfigured bundles that require minimal cabling and IT support to get moving.

An alternative is a Front of Room solution like the Yealink A20 which is a collaboration bar with a simple Teams Console accessory that minimises cabling (the Console can connect to the A20 unit via Ethernet (not Layer 2/3/IP)) and delivers a great audio and video experience at a cost-effective price. Keep in mind this is still a collaboration bar, so if you want expandable audio and video experiences, these will be limited.

Larger Room

The Crestron Flex Integrator Kit is hard to go past as a starting point for a larger room – with an insane amount of addons, extensibility and traditional Audio Visual options like room automation – the Integrator Kit is your starting point. Work with a trusted AV partner that understands the Microsoft ecosystem (like us) to get a fit for purpose build that incorporates the right camera technology, the specific audio experience you need and an appropriate budget. Crestron is a traditional staple in large enterprises and complex environments like Universities where the meeting and lecture experience is paramount, with ease of management and reporting standard around meeting room usage, patronage, hardware failures and monitoring.

Just Plain Cool

 

Poly RealConnect for Microsoft Teams

If your budget doesn’t stretch to re-fitting out meeting rooms, never fear. There is a simple and easy way to get your staff and colleagues into Teams Meetings using older legacy videoconferencing spaces. It’s called Poly RealConnect for Microsoft Teams. This cloud-based service integrates with your existing Office 365/Microsoft 365 environment at a service level, allowing you to insert “coordinates” into your Teams Meetings that older videoconferencing units can understand. This, and the One Touch Dial service, allows simple ‘join’ buttons on older videoconferencing gear to allow a single-touch entry into Microsoft Teams Meetings. No dialling silly long strings and confusing email-looking addresses. You’ll need a partner to sell and configure for you, but once that’s done it’s set and forget; just make sure you invite the room to the meeting!

Surface Hub 85”

Shipping now, the Microsoft Surface Hub 2 in an 85” size is something to behold. Sleek and sophisticated looking, this will light up any collaboration or executive space with an interactive meeting room experience. Not as expensive as you might think for the size and collaboration ability – look for these to hit the market late 2020 and early 2021.

Staying Connected, Trivia and Company Culture

With offices located around Australia, staying connected and communicating effectively as a team is a central component to the success of the Insync workplace. From day one we have focused on implementing several mechanisms to embrace the modern workplace and to ensure employees feel connected.

As part of the establishment of Insync – founders Nathan Belling, Stuart Moore, and Damien Margaritis considered company culture as a strategic business pillar, and at its core – the company values.  

 

In an office environment, you might have a break room or communal dining area where people can mingle and destress – adding that social aspect to the work environment. As a hybrid workplace, we face the challenge that day-to-day social interactions may be lost. One way we try to combat this is to hold a team social event – usually something fun and with a bit of friendly competition.

We’ve tried a few different things this year – including a Funlympics event, Jackbox games, virtual beer, and pizza get-togethers – somewhere our employees across Australia can join their peers and colleagues in a relaxed atmosphere. This time it was to compete for trivia supremacy and bragging rights.

Team bonding is an essential ingredient for any high performing team and trivia is a great way to have a good time and bond as a team. Most people enjoy this activity as there tends to be a variety of questions that cover a range of topics. 

One of our team volunteered their experience in running trivia and was given the responsibility of host and trivia master. They’d written five rounds of questions including general knowledge, movie quotes, current affairs, geography, and video games (as a tech company, a sports round would have been lost on many of us!) 

Our employees were divided into five teams of four chosen at random by our Chief Happiness Coordinator, Emma Schellhorn. Each team had a separate chat set up a few days prior so they could easily communicate with their team members – some even had customised backgrounds for their team! 

The first task was to decide on a team name and the scribe. We had some inventive names – The Quillers, The Underwood Appreciation Society, Jars Jars Binks, Kickass, Team Four Seasons Landscaping Supplies, and Eeee – we have no idea! 

As a Microsoft Partner, we opted to use Microsoft Teams to host the virtual event. Designed for businesses, Microsoft Teams can manage large volumes of attendees and has advanced functionality to manage audiences and to mute others! Microsoft Teams has recently added the functionality to spin up break-out rooms; however, we chose to use Teams chat to discuss answers between team members.

Team Four Seasons Landscape Supplies won by a mile with 36 points. Congratulations Stuart Moore, Benjamin Wirihana, Jenna Blake, and Philip Smith, you are the Insync Trivia Champions!

The key to staying connected while working remotely is to spend time with other employees within the company – even if this is virtual! Holding regular events including monthly company-wide updates and events can all contribute to a sense of community and connectivity – and ultimately support a positive work culture.

Learn how Insync Technology can implement vibrant, connective communication tools within your company by filling out the form below or reaching out via the contact us page. 

 


Transitioning from G-Suite to Microsoft 365

The first few days and weeks in a new job can be daunting as you begin to navigate a new position, company, and its systems. For me, the biggest challenge was the migration from G-Suite to Microsoft 365. Over the past 11 years since I left high school, I had worked solely within G-Suite or with Mac Desktop Apps. During this time Microsoft has made significant advances in cloud and Artificial Intelligence and has infused them into their productivity platform. Keep reading to learn more about my experiences with the two competing suites.

On streamlining process 

In any role within an organisation there are several repetitive tasks that need to be completed on a regular basis. In marketing, these generally entail ongoing company updates on marketing activities and campaigns.

One of the programs I managed as part of my previous role was the customer feedback program for over 300 business sites (which the company I worked for managed), and thousands of individual customers – this included generating reports, monitoring engagement, data validation, and management updates. To streamline this process there were six Google Forms (one for each of the industries) and a central spreadsheet that pooled all the information; from here Google Data Studio would generate reports. To correctly analyse the data not only by industry but across the business (e.g. food quality, presentation, service quality etc.) we hired an external partner to automate part of the data management. This meant that each time the automation failed you would either need a firm grasp of spreadsheet coding or you would need to lodge a ticket – which often took days! Due to the large volumes of data being processed, spreadsheets would often crash or you would experience “real-time” data delays. As a result, a large percentage of my time was dedicated to resolving issues and program maintenance rather than data analysis and Plan for Improvement (P.F.I) strategies.

In comparison, Microsoft 365 offers several solutions to reduce and even eliminate time-consuming day-to-day administration tasks, and by using Power BI, data analysis is simple and straightforward. Automation is possible across multiple platforms including PowerApps, Power Automate, or SharePoint, which have the capacity to work across multiple products within the Microsoft 365 suite. This has quickly become my favourite feature of Microsoft 365: not only does it streamline workflow, but it offers a simple solution that anyone, no matter what their technological proficiency, can set up – no-code automation. In less than an hour (once I had sat through some of the Microsoft Power BI training), I was able to set up a number of Marketing Social reports and have them automatically post to a central Marketing SharePoint page which I had created using the template available. These now automatically refresh, giving our management virtually real-time data on our marketing reach, analytics and results.

On collaboration 

The last time (2008-09) I used Microsoft collaboration platforms, they were lagging in cloud-based collaboration in comparison to Google. Now, both platforms provide multiple desktop and mobile apps that enable collaboration between employees through collaborative documents, video conferencing & meetings, instant messaging, and many more.

As with many contemporary companies, my previous company and Insync rely heavily on instant messaging for collaboration. Whilst Microsoft was the first out of the two companies to develop a web messenger app with Microsoft Messenger/MSN in 1999, Google Hangouts in my experience has a simpler user experience, its main benefit being that the messaging client is integrated with Gmail and enables an easy one-stop tool for communication – instead of overcomplicating it and having multiple desktop apps open.

Despite this, my recent experiences with Teams Meetings have unveiled several features (especially for the workplace) which overall surpass GSuite capabilities. The four which resonate with me the most are the recent updates to Teams Meetings.  

  1. Teams capacity – everyone can join the conversation, with the capacity of a team size increasing to 10,000 in May 2020. Google in contrast struggles with 15+.
  2. Teams has adapted to new meeting etiquette – if you do not want to interrupt the speaker, no problem, raise your hand!
  3. Presenting capabilities – whilst Teams has had the option to choose your background since early 2020, their most recent announcement at Microsoft Ignite to have your slides presented with you in the foreground is a natural evolution with the transition into hybrid work environments. This is particularly relevant to companies like Insync Technology who hold regular training and webinar events.
  4. Live captions are now able to attribute the name of the speaker when generating captions during a meeting. A great feature when referring to, or conducting, interviews!

On content development

Content development is fundamental to any Marketing Strategy. As a result, my previous role entailed content development for point of service, fact sheet, website, company communications, social media, and the company magazine – it was a central component to my everyday work. To ensure it was not only informative but quality content I would often use software such as Grammarly to help improve my writing. I no longer need to copy and paste into another software (then paste and reformat once it has been reviewed). With Microsoft 365, Word has an ‘editor’ feature built into the program which not only checks spelling and grammar but helps to refine clarity, conciseness, formality, punctuation, and vocabulary – a handy feature when producing large volumes of content!

However, the most impressive advancement in Microsoft 365 is within PowerPoint. I would often use Google Slides to create editable templates for our sites and during pitches to the board at my previous company. It enabled me to create on-brand templates and control (to a degree) what was editable to another user, in addition to its core function as a presentation tool. There were many limitations to using Google Slides, the most frustrating being that it often distorted and corrupted images placed into the presentation, especially if it was too large or there were multiple pages – this was particularly common if you tried to print the document. It also had limited presentation functions and no capability to record.

PowerPoint has been designed to help users improve their presentation skills and ensure that the information is easily digested by the viewer. The presenter coach is a particularly useful tool to optimise the delivery of your presentation, something that would only be possible after you had presented or by practicing with friends and family! 

On G-Suite vs Microsoft 365

One thing Microsoft 365 has really focused on is the ease of transition from the G-Suite, not only in terms of technical competence but in terms of getting to grips with the products within the suite and ensuring end-users have relevant and comprehensive guidance on all of the applications within the suite. Microsoft has a handy Adoption Centre to centralise all its end-user and IT pro guidance for getting the most out of Microsoft 365.

Whilst the user experience is not as simple as Google’s, the use of AI technologies and understanding of the core use of each of their products really sways in their favour – especially in terms of productivity. Put simply – Google is simple for simple use cases, but for cloud & AI-infused productivity gains, as well as a more cohesive experience – Microsoft wins hands down.

Inside Insync – Sharon Peacock

Today we meet:

Sharon Peacock

Office Administrator

Time with Insync: February 2019

Previous notable time in IT industry/customer/vendor: Prior to commencing with Insync I worked in the medical industry as an Administration Secretary for 25 years.

What are your best skills for your role?

As an Administration Secretary, I find being flexible, approachable, and able to time manage are the most important. I can definitely say any tech skills are off this list!

What do you like about your role?

My roles prior to Insync were very different; here no two days are the same. I like the variety. Each day I work across multiple areas of business from Service Desk, Accounts, Sales to working with the project team – it’s great to work with such great people. I also really value the flexibility I have for work-life balance.

What trends are you seeing with customers?

In my position, I have really noticed the impact COVID has had on our customers.  COVID meant a lot of customers had to relocate their staff to work from home, this meant quite a few orders came through for headsets etc. Working from home has become the new trend.

What do you think about the opportunity for Teams for customers?

From what I know about IT – and that is not a great deal, Teams is a great communication tool for internal and external customers.

Where have you used Insync core values in Insync everyday work life:

“Don’t walk past a problem” as it will only get bigger! And incorporated in this is being open and honest.

What do you like to do in your downtime?

I usually like to keep busy.  I like to be at home doing gardening and presently I am trying to finish decorating my home.  Away from home, I love to go camping to reconnect with the universe.  The beach is another favourite to visit with my husband and girls, especially the dog beach!

 

Keeping your flow with Microsoft Teams

As Microsoft Teams continues to grow in both popularity and capability, it is important to find a way to manage the platform that ensures productivity and not just interruption. In a nutshell, you need to find your ‘flow’.

What is flow?

Flow is the state of concentration at work that we seek in order to maximise our skill level and stay motivated without being pushed out of our comfort zones.

Think of it as the sweet spot with our work productivity.

In our current ever-changing world, technology can be disruptive to our flow. Too much disruption and interruptions can subsequently cause workplace anxiety. Microsoft 365 (M365) has a few effective yet underrated features that can help to reduce the noise and keep your flow, well, flowing.

Tips for managing interruptions:

This is by no means an exhaustive list, but a curation of my favourite features that help me manage my flow which in turn, helps me keep productive and achieve my outcomes.

Tip 1: Set your status. Your status automatically changes depending on your calendar items, setting it to busy or showing when you’re in a meeting for example. Did you know you can also override this at any time? A recent update to this was the addition of appearing offline. You can also write a custom status message to give your colleagues some information about your status at this time. This message can clear after the workday or persist for longer periods, all set by you.

Tip 2: Use Focus Assist. Accessible in your Windows 10 settings, Focus Assist is a handy feature that allows you to minimise or stop notifications when you need to stay focused. When activated, your colleagues will see your status as focusing.

Tip 3: Manage your growing list of tasks with ToDo for personal tasks and Planner for team tasks. Better yet, enjoy the simplified view of this, plus your Outlook tasks, with the new Tasks app in Teams, available on the left-hand side of the screen. For now, this may still be called Planner in your Teams environment, but it will be renamed Tasks soon.

Keeping track of all of your actions will help you to create and prioritise them so that you can continue with the task you’re trying to focus on!

Tip 4: Set your own rules of engagement. Put a placeholder in your calendar to look at @mentions or other notifications in Microsoft Teams. This will prevent you jumping from task to task and getting distracted throughout the day. Consider putting your standard days and hours of availability in your signature block if you’re a part-time worker.

There is a vast array of features in the M365 suite that can assist you with time management and wellbeing. To keep things simple and maintain your flow, try following these four tips.

Direct Routing Improvements for Australian Tenants

If your organisation is using Microsoft Teams and your Microsoft 365 tenant is hosted within the Australia region, there are two ways that public switched telephone network (PSTN) calling can be introduced to your Microsoft Teams environment. These are: 

  1. Use Telstra Calling (calling plans) 
  2. Use Direct Routing 

 

Given its deployment flexibility and ability to support a wide range of deployment scenarios, more often than not we see Direct Routing as the technology chosen to meet an organisation’s needs when adding PSTN calling to Microsoft Teams.  

Whether you want to migrate from an existing Private Automatic Branch Exchange (PABX) platform to Teams Voice over time, or you have an existing Skype for Business environment with infrastructure that natively supports Direct Routing with Teams, it’s relatively quick and easy to augment the existing telephony and introduce Teams Calling. 

What is Direct Routing? 

Plainly speaking, a Direct Route is simply a Session Initiation Protocol (SIP) trunk between a Session Border Controller (SBC) and Teams. It’s one of two call legs between Teams users and a telco trunk provider:  

When an SBC is configured to interface with Teams via Direct Routing, we need to let the SBC know where to send calls to (and receive calls from) in order to support PSTN calling.  

No matter where you are in the world, the same configuration is used, with the following Fully Qualified Domain Name (FQDN) resolving to the closest Teams Direct Route infrastructure in relation to the SBC:

  • sip.pstnhub.microsoft.com  

Today, in Australia, if we resolve the above FQDN, the Teams Direct Route SIP infrastructure that’s returned is located in South East Asia (Singapore), with an IP address of 52.114.14.70. This is where our SBC will send SIP signalling when setting up a call:

Just in case there’s an outage with infrastructure located closest to the SBC (in our case, SE Asia), Microsoft also publish the following FQDNs that will resolve to secondary and tertiary infrastructure located somewhere else in the world. So again, when resolving these FQDNs from an SBC located in Australia, they return the following:   

  • sip2.pstnhub.microsoft.com (United States) 

  • sip3.pstnhub.microsoft.com (Europe) 

As the examples above show, historically SIP signalling for Teams PSTN calling was not routed via Teams infrastructure located in Australia, because no such infrastructure existed there.

That is not to say that media associated with a call follows the same path. Infrastructure that supports media traversal (Media and Transport relays) has been available and deployed in Australia for some time; it’s just the signalling component that negotiates and sets up the call that’s been routing via infrastructure that resides offshore for Australian tenants.

New Infrastructure Deployed in Australia 

In order to cope with increased traffic (mainly due to COVID-19), and to reduce latency, Microsoft have recently deployed additional infrastructure in Australia that will handle SIP signalling for Direct Routing.  

This ensures that all traffic associated with Teams PSTN calling (signalling and media) stays within Australia and should mean call setup is quicker for Australian tenants. 

One other FQDN that Microsoft publish, related to Direct Routing, is sip-all.pstnhub.microsoft.com. This one is useful, as it resolves to all IP addresses that an SBC might use globally when Direct Routing is deployed. Looking at the IP addresses that are returned when resolving this record, note two new entries: 

These IP Addresses represent SIP infrastructure that has been deployed in Australian datacentres to support local SIP signalling for Australian tenants. 

How do I use them? 

Today, these IP addresses are not being returned when resolving the primary Direct Route FQDN sip.pstnhub.microsoft.com from Australia. We expect this will be the case soon, however if you want to use them anyway, you can! 

  1. Add static DNS host entries to your SBC (the following example is from a Ribbon SWE Lite virtual appliance)
  2. Confirm that SIP Signalling is routing to one of these IP addresses:

This configuration won’t be necessary once Microsoft’s primary FQDN for direct routing resolves to these IP addresses automatically. But until then, manual configuration lets you take advantage right away. 
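Static host entries bypass DNS, so they need a periodic check that the pinned addresses are still published and whether the pin has become unnecessary. The following is an added example, not part of the original post: it compares pinned entries with what sip-all.pstnhub.microsoft.com and the primary FQDN resolve to. The DNS answers are constructed documentation addresses, and `audit_pins`, `fake_resolver` and the `pins` mapping are hypothetical names.

```python
import socket

PRIMARY = "sip.pstnhub.microsoft.com"
ALL_RECORD = "sip-all.pstnhub.microsoft.com"

# Constructed DNS answers using documentation ranges, not real Teams addresses.
FAKE_DNS = {
    ALL_RECORD: {"192.0.2.10", "192.0.2.20", "198.51.100.5"},
    PRIMARY: {"198.51.100.5"},
}


def fake_resolver(fqdn):
    """Offline stand-in for DNS so the example runs without network access."""
    return FAKE_DNS.get(fqdn, set())


def resolve_ipv4(fqdn):
    """Return the IPv4 addresses DNS currently gives for fqdn (needs network)."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def audit_pins(pins, resolver=resolve_ipv4):
    """pins maps an FQDN to the IPs pinned for it in the SBC's host table."""
    published = resolver(ALL_RECORD)
    if not published:
        raise RuntimeError("could not resolve " + ALL_RECORD)
    results = {}
    for fqdn, ips in pins.items():
        try:
            live = resolver(fqdn)
        except OSError:  # includes socket.gaierror
            live = set()  # no answer: cannot call the pin redundant
        pinned = set(ips)
        results[fqdn] = {
            # Pinned but absent from sip-all: the entry should be removed.
            "stale": sorted(pinned - published),
            # DNS alone now returns a pinned address: the pin can go.
            "redundant": bool(pinned & live),
        }
    return results


if __name__ == "__main__":
    print(audit_pins({PRIMARY: ["192.0.2.10", "203.0.113.9"]}, resolver=fake_resolver))
```

Run it from a host that uses ordinary DNS rather than from the SBC itself, since the SBC answers from its own static entries.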

Rather than working with separate partners for your Microsoft 365 and telco needs, you can now integrate cloud telephony via Teams Calling with the rest of your Modern Workplace environment – all set up, managed, and supported by Insync Technology.

Take the next step on your Modern Workplace journey with VoiceX and enjoy the benefits of increased efficiency and improved productivity. To learn more about VoiceX, get in touch today.


Becoming a Microsoft Most Valuable Professional (MVP) – Michael Zanatta

We are pleased to announce that our Senior Consultant, Michael Zanatta, has been presented with a 2020-21 Microsoft Most Valuable Professional (MVP) award for the award category Cloud and Datacenter Management. Michael will join colleagues Megan Strant and Loryan Strant who currently hold an MVP award in the Office Apps & Services category.

The Microsoft Most Valuable Professional award is given by Microsoft to community-focused technology experts who have been recognised and nominated in their area of expertise. We caught up with Michael to gain a bit more insight into his journey and receiving the MVP award.

Tell us a bit about your journey, how you got here?

Actually, it all started because of a virus which infected my dad’s computer. Ironically, the virus was called Windows 95 CIH. Of all the viruses to put on my parents’ computer, that one was probably the worst. Back in those days, motherboards only had one BIOS (Basic Input Output System) and didn’t have any recovery features. So when the virus reached the predetermined time, it would attempt to overwrite the BIOS chip on the motherboard, effectively killing the motherboard. So not a good start, but an interesting start to say the least!

After that, I got into computing (Grade 9). My dad worked in IT, so he introduced me to IT by teaching me DOS 4.6, and then I was batch scripting. Soon after that, I learned VBScript and VB.NET. Since I was learning to code while I was attending school (back in the days of Windows XP), a lot of my personal projects were pranks that I deployed at school. For instance, I wrote a Remote Control Application (Task Control, Computer Control) and a messaging chat script similar to MSN Messenger. Much fun!

So, what is your area of expertise?

My area of specialty is PowerShell. I’m a PowerShell Subject Matter Expert. That’s really my area of specialty, but really, what I do from day to day is more IT Process Automation/Integration and WinOps/DevOps.

That is interesting. With the MVP award, could you tell me a little bit about how it works? Did someone nominate you for it? Or was it something that you went after yourself?

It’s a nomination by peers/others – It has to be done by either an existing MVP or a Microsoft employee. I was nominated by a Microsoft employee who was a former MVP.

What does the MVP award mean to you? What sort of benefits does it have for you?

There are many benefits that the award gives, but for me, I think it’s good to be recognised for the community involvement. It’s always nice to have someone say, ‘Hey, thanks for the input, it helped me with such and such.’ Having that recognition is really good.

MVPs have access to a lot of NDA content from Microsoft that I can’t talk about. But there are other things, like you can get a Visual Studio Enterprise subscription, which is fantastic for me as a coder.

You also get Azure credits so you can run services in Azure, but there are a lot of little benefits with (MVP status) as well.

Outside of Microsoft, third-party companies also come to the plate, so they have their own MVP programs and you can go to them and get additional valuable software from them as well. That’s handy to help you develop your journey.

Do you have a favourite platform you post on or a particular article that you have contributed to?

I think the two major articles/passion projects are the PowerShell Conference Books, Volume 2, and Volume 3. Working on the book is a full-time job outside of work for about four months.

Volume 2 is a bit of an interesting story. Initially, I was a contributor, I wrote a chapter for the book, and then I jumped on board as unofficial editor. The book is about 600 pages, so it’s not a light read! While it’s a ‘conference in a book’, you are reading a series of lectures/ deep-dive topics. It also serves as a textbook resource.

Now I’m working on Volume 4 which is exciting, and I’m taking ownership of the project as editor-in-chief. It’s a really exciting challenge.

I am also working on a PowerShell Module which allows new MVP nominees to automate their submissions, saving a considerable amount of time.

I also spend time talking to students, teaching them some PowerShell to get them to automate their labs a bit easier, and demonstrate how cool PowerShell is. During those talks, I also do a no-nonsense open IT AMA session where students can ask questions about IT.

Do you have any tips for anyone else – who is striving for an MVP award?

I think if you want to get an MVP award, the first thing you need to think about is why do you want to do it.

The best piece of advice I could probably give is if you’re in the right mindset, then everything else will come along. Be good at what you do, and love helping others. I think those are really the two key things that you could probably take away. And be prepared to get your hands dirty and spend a lot of time going the extra mile.

For me, I am committed to upskilling the Reddit community and realigning them back with the PowerShell community. It’s really really tough; you have your good days and bad days.

Is there anything else you would like to mention in regards to the MVP award?

Don Jones wrote a book called “Be the Master”. Don uses the analogy of the apprentice and the master and how the apprentice learns from the master. The difference between the master and the apprentice is that the master teaches. So when a person has the skills and proficiency, they can start mentoring someone else. This reinforces what you have learned and forces you to learn something new. Having that mindset and being around those people is fantastic. I would also like to point out that we should always be putting on the apprentice hat and learning new things. When you have mastered something, learn something else.

Fundamental Security for Microsoft 365 – What do we need to do?

  • Enforce MFA
  • Utilise Conditional Access to limit access via IP/Subnet, device, location
  • Block Legacy authentication
  • Manage External sharing with SharePoint
  • Mobile application management
  • Block / Audit Exchange forwarding rules
  • Block App Consent

In this blog, we will cover the fundamental security controls that ANY organisation should be using in this new hybrid world of work. It’s important to consider a variety of different security controls, particularly when staff are working remotely, from unfamiliar locations and possibly on unfamiliar devices. With cybersecurity becoming a board-level responsibility, too often we find organisations with poor security controls applied to one of their biggest investments and locations of information, Microsoft 365.

Generally, we split the key things organisations should be doing into two categories – User Controls and Admin Controls. User Controls are things that touch the user, where users can help take responsibility for their own security and that of the organisation. Admin Controls aren’t exposed to the end user but provide valuable minimums in protecting an organisation from various vulnerabilities or threats.

If you get nothing else from this blog other than the impetus to go and implement these in your organisation, we will consider this a success! If you need help implementing what’s discussed here or want a further conversation around our managed Microsoft security platform, @M365 Secure, please hit the links below to get in touch.

 

User Controls

Multifactor Authentication

Do we actually need to say this anymore? Apparently so, after a recent survey revealed that 78% of Microsoft 365 admins don’t activate MFA. This might sound like an aggressive statement, but having dealt too often with organisations using these excuses not to implement basic security norms, it just needs to be said: any organisation that hasn’t implemented this, or isn’t planning to, is either derelict in its duty, has a poor culture and difficult employees, or has some intractable technical problem that cannot be overcome. Deploy MFA, do some training, spend the time with your users to onboard them and then build the process into your employee lifecycle. Staff play a role in protecting organisational assets, not just the CISO or the board. If staff have an issue with the extra level of security, consider the scenario where they are the cause of a security breach that results in financial loss and flows over to job cuts – including theirs. That should be enough for staff to take on the responsibility to protect their job, their peers, and their employer. Financial loss flows through many parts of an organisation and can impact people as well as reputation.

External Sharing

This is a contentious one – often you need external sharing enabled to allow people to share files with contractors, visitors, business partners etc. SharePoint External Sharing is a top-level configuration setting which controls sharing content from SharePoint to anyone, including external accounts. It also offers control at the individual site level, but many admins aren’t aware of this. Some organisations might turn this off completely instead of being selective, but it’s worth understanding the implications of external sharing with regards to SharePoint, OneDrive (because this lives in SharePoint effectively) and Teams. Check out a link by our own Loryan Strant describing recommended External Sharing settings here.

Mobile App Management

For those customers that have access to Endpoint Manager (formerly known as Intune) as part of Microsoft 365, implementing Mobile Application Management (MAM) is another key aspect of managing corporate data leakage. MAM provides granular in-application controls, limiting things like saving data locally to mobile devices, copying and pasting data from corporate applications to consumer applications, and taking screenshots, along with other actions that could be construed as data leakage. This also means that consumer or personal devices can be used for business purposes, and securely separated so that work applications can sit side-by-side with consumer/personal applications in sandboxed areas.

Self Service Password Reset

No more continuous calls to the ICT Service Desk to get passwords reset, or an on-premises only server that can reset them. Enrolling staff in Self-service Password Reset relieves the service desk and allows 24/7 password resets from anywhere in the world based on known user criteria.

Admin Controls

In order of importance here…

  • Conditional Access
  • Block forwarding
  • Block consent
  • Block legacy authentication

Conditional Access

Conditional Access is straightforward – it lets you set conditions on who can access your data and Microsoft 365 services. These conditions could be – only from your office IP addresses, only using a corporate owned device, only from a device with up to date security patches etc. The basics should be set up to reflect your level of acceptable risk. Conditional Access works in tandem with MFA, allowing you to set stateful rules in addition to MFA to access resources.

However, in a COVID-world, it’s hard to lock down access via IP if no one is in your office. So, you should think about what minimum conditions you want to impose for users to access your data. We would suggest:

  • Allowing access from a corporate owned or managed PC
  • With up to date antivirus/Windows Defender
  • Blocking swathes of geography where you have no users – e.g. Continental Europe, Asia
  • Blocking unsupported applications – e.g. specific mail clients – and looking to something that can utilise modern authentication, like Outlook Mobile or Nine.

Legacy Authentication

Legacy authentication comprises older protocols like Exchange Web Services, Autodiscover, SMTP – which have been phased out in favour of “modern” authentication which allows such things as multifactor authentication, per-session limits and controls – simply unavailable in older protocols. It is well known that most attacks on infrastructure utilise legacy authentication – looking for a hole in which to get in.

Blocking legacy authentication is a really simple process – in fact, Microsoft will tell you which applications are accessing your Microsoft 365 platform using legacy authentication, so you can remediate as you see fit. It could be that someone has an old printer using SMTP that needs to be sorted out before you can totally block legacy auth.

Head over to:

  1. Jump into the Azure portal > Azure Active Directory > Sign-ins.
  2. Add the Client App column if it is not shown by clicking on Columns > Client App.
  3. Add filters > Client App > select all of the legacy authentication protocols. Select outside the filtering dialog box to apply your selections and close the dialog box.

This will show you what people, applications or clients are using legacy auth. If you don’t recognize any, and are comfortable with that – you can then go ahead and block legacy authentication from your tenant.
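The same triage can be run over an export of the sign-in log. The following is an added example, not part of the original post: it separates legacy sign-ins that succeed (the old printer that will break when you block) from those that only ever fail. It assumes records shaped like Microsoft Graph sign-in objects (`userPrincipalName`, `clientAppUsed`, `ipAddress`, `status.errorCode`); the sample records are constructed, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Client App values that indicate modern authentication. Anything else,
# including a blank value, is reported for review (assumption: this mirrors
# the legacy entries offered by the portal's Client App filter).
MODERN_CLIENTS = {"browser", "mobile apps and desktop clients"}

# Constructed sample export, shaped like Microsoft Graph signIn records.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "scanner@contoso.example", "clientAppUsed": "Authenticated SMTP",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"userPrincipalName": "scanner@contoso.example", "clientAppUsed": "Authenticated SMTP",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"userPrincipalName": "ap@contoso.example", "clientAppUsed": "IMAP4",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}},
    {"userPrincipalName": "ap@contoso.example", "clientAppUsed": "IMAP4",
     "ipAddress": "198.51.100.8", "status": {"errorCode": 50126}},
    {"userPrincipalName": "ap@contoso.example", "clientAppUsed": "Browser",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"userPrincipalName": "CEO@contoso.example", "clientAppUsed": "Exchange ActiveSync",
     "ipAddress": "203.0.113.44", "status": {"errorCode": 0}},
])


def legacy_signins(export_json):
    """Summarise legacy-auth sign-ins per (user, client app)."""
    summary = defaultdict(lambda: {"success": 0, "failure": 0, "ips": set()})
    for rec in json.loads(export_json):
        client = (rec.get("clientAppUsed") or "").strip()
        if client.lower() in MODERN_CLIENTS:
            continue
        user = (rec.get("userPrincipalName") or "unknown").lower()
        entry = summary[(user, client or "(blank)")]
        ok = (rec.get("status") or {}).get("errorCode") == 0
        entry["success" if ok else "failure"] += 1
        if rec.get("ipAddress"):
            entry["ips"].add(rec["ipAddress"])
    return dict(summary)


def must_fix_before_block(summary):
    """Pairs with successful legacy sign-ins: these stop working once blocked."""
    return sorted(k for k, v in summary.items() if v["success"] > 0)


def failed_only(summary):
    """Pairs that only ever failed: nothing depends on them, so review the source IPs."""
    return sorted(k for k, v in summary.items() if v["success"] == 0 and v["failure"] > 0)


if __name__ == "__main__":
    report = legacy_signins(SAMPLE_EXPORT)
    for key in must_fix_before_block(report):
        print("remediate first:", key, report[key]["success"])
    for key in failed_only(report):
        print("failed only:", key, sorted(report[key]["ips"]))
```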

Block Consent

One of our favourite topics and one that we believe not enough customers review and manage sensibly. We’re not sure why this isn’t more prominent with Microsoft and organisations, but the consent process allows third-party applications access to the user in Microsoft 365, and consequently, whatever the user has access to in Microsoft 365.

Obviously, third-party consent to users’ applications and attributes is super important for app functionality, and there are lots of apps that are beneficial to end user productivity, such as Trello, Salesforce, AvePoint Cloud Governance etc. It’s an important part of the Office 365 / Microsoft 365 ecosystem. But – it should be carefully managed. It is almost too easy for users to click through and add applications to their workplace experience while having little idea what data that application can access, where it is stored and what that organisation does with its data.

To be on the safe side, we generally recommend customers white-list their preferred external applications after going through an audit process, even if it is just high-level. This will allow some oversight for applications that are integrated with Microsoft 365 and limit the risk of data leakage to low quality or unsupported applications.

Block Exchange Forwarding

Some users like forwarding their mailboxes to external mailboxes for historical or posterity purposes. This is acceptable in some organisations, particularly if someone taking a sabbatical wants their mail forwarded, but generally, you don’t want automatic forwarding taking place from an internal mailbox to an external party.

This is how some organisations have been breached – for example, an accounts payable user with their mail being forwarded could open up the ability for someone to receive invoices, modify them and return them, leading to fraud. Stop this by following this guidance.
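Before blocking, it helps to know which mailboxes already forward externally. The following is an added example, not part of the original post: it audits an export of mailbox settings and inbox rules for targets outside your accepted domains. The property names follow Exchange Online's `Get-Mailbox` and `Get-InboxRule` output; the export layout, the `Mailbox` column, the domain list and all sample records are constructed assumptions.

```python
import re

# Constructed data. Property names follow Get-Mailbox / Get-InboxRule output;
# the export layout and the "Mailbox" column are assumptions.
ACCEPTED_DOMAINS = {"contoso.example"}

MAILBOXES = [
    {"UserPrincipalName": "ap@contoso.example",
     "ForwardingSmtpAddress": "smtp:ap.archive@mailbox.example",
     "DeliverToMailboxAndForward": True},
    {"UserPrincipalName": "hr@contoso.example",
     "ForwardingSmtpAddress": "smtp:payroll@contoso.example",
     "DeliverToMailboxAndForward": False},
    {"UserPrincipalName": "ceo@contoso.example", "ForwardingSmtpAddress": None},
]

INBOX_RULES = [
    {"Mailbox": "ceo@contoso.example", "Name": "tidy", "Enabled": True,
     "RedirectTo": ['"PA" [SMTP:pa@contoso.example]'],
     "ForwardTo": ['"x" [SMTP:Collector@Mailbox.Example]']},
    {"Mailbox": "hr@contoso.example", "Name": "old", "Enabled": False,
     "ForwardAsAttachmentTo": ['"y" [SMTP:y@other.example]']},
]

ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")


def external_targets(values, accepted):
    """Return addresses found in values whose domain is not an accepted domain."""
    found = []
    for value in values or []:
        for match in ADDRESS.finditer(value):
            if match.group(1).lower().rstrip(".") not in accepted:
                found.append(match.group(0).lower())
    return found


def audit_forwarding(mailboxes, rules, accepted=ACCEPTED_DOMAINS):
    """List (mailbox, mechanism, target, enabled) for every external forward.

    Disabled rules are still listed, flagged False, because they can be re-enabled.
    Forwarding to a directory recipient (ForwardingAddress) is not covered here.
    """
    findings = []
    for mbx in mailboxes:
        for target in external_targets([mbx.get("ForwardingSmtpAddress") or ""], accepted):
            findings.append((mbx["UserPrincipalName"], "ForwardingSmtpAddress", target, True))
    for rule in rules:
        for field in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
            for target in external_targets(rule.get(field), accepted):
                findings.append((rule["Mailbox"], f"rule:{rule['Name']}:{field}",
                                 target, bool(rule.get("Enabled"))))
    return findings


if __name__ == "__main__":
    for finding in audit_forwarding(MAILBOXES, INBOX_RULES):
        print(finding)
```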
